Vulnerabilities > Medium

| Date | CVE | Vulnerability title | Description | Attack vector | Attack complexity | Vendor | CWE | Risk score |
|---|---|---|---|---|---|---|---|---|
| 2017-11-06 | CVE-2017-16636 | Cross-site Scripting vulnerability in Bludit 1.5.2/2.0.1 | In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. | network | low complexity | bludit | CWE-79 | 5.4 |
| 2017-11-06 | CVE-2017-16635 | Cross-site Scripting vulnerability in Tinywebgallery 2.4 | In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname`, `mkitem`, and `item` parameters of the `Add/Create` module. | network | low complexity | tinywebgallery | CWE-79 | 5.4 |
| 2017-11-06 | CVE-2017-14025 | Improper Input Validation vulnerability in Hitachienergy Fox515T Firmware 1.0 | An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. | local | low complexity | hitachienergy | CWE-20 | 5.5 |
| 2017-11-06 | CVE-2017-14023 | Improper Input Validation vulnerability in Siemens Simatic Pcs7 and Simatic Wincc | An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. | network | low complexity | siemens | CWE-20 | 4.9 |
| 2017-11-06 | CVE-2017-14016 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess | A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. | network | low complexity | advantech | CWE-119 | 6.3 |
| 2017-11-06 | CVE-2017-15306 | NULL Pointer Dereference vulnerability in Linux Kernel | The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm. | local | low complexity | linux | CWE-476 | 5.5 |
| 2017-11-06 | CVE-2017-7425 | Cross-site Scripting vulnerability in Netiq Imanager 3.0.3.2 | Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2. | network | low complexity | netiq | CWE-79 | 6.1 |
| 2017-11-06 | CVE-2015-7878 | Cross-site Scripting vulnerability in Taxonomy Find Project Taxonomy Find | Cross-site scripting (XSS) vulnerability in the Taxonomy Find module 6.x-2.x through 6.x-1.2 and 7.x-2.x through 7.x-1.0 in Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via taxonomy vocabulary and term names. | network | low complexity | taxonomy-find-project | CWE-79 | 5.4 |
| 2017-11-06 | CVE-2017-16569 | Open Redirect vulnerability in Zurmo CRM 3.2.1.57987Acc3018 | An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. | network | low complexity | zurmo | CWE-601 | 4.8 |
| 2017-11-06 | CVE-2017-16564 | Cross-site Scripting vulnerability in Grandstream Ht802 Firmware | Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148). | network | low complexity | grandstream | CWE-79 | 5.4 |